Thread: privilege shedding

privilege shedding

From
dkeeney
Date:

Is there a way to non-reversibly shed privilege within a PostgreSQL
session?

I would like to start a session as a superuser role, set up some views
and triggers as superuser, and then change role to a lesser role for
the remainder of the session.

It seems that if you use 'set role' for this, you get the lesser role,
but the original (superuser) role can be restored by another 'set
role' statement, without any re-authentication.  I would like the role
change to persist through the life of the session, without the option
of restoring the superuser role.


Thank you,
David
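
The behaviour described in the message above, as an added example that is not part of the original post. It assumes a psql session connected as a superuser; the role name `app_limited` is hypothetical. It goes slightly beyond the post by also showing `SET SESSION AUTHORIZATION`, which is reversible in the same way.

```sql
-- Added example, not from the thread. app_limited is a hypothetical role.
-- Run in a session that authenticated as a superuser.
CREATE ROLE app_limited NOLOGIN;

-- (The privileged setup phase, e.g. creating views and triggers,
--  would happen here while still superuser.)

-- Drop to the lesser role for the rest of the work.
SET ROLE app_limited;

-- current_user is what privilege checks use and now names app_limited.
-- session_user is unchanged and still names the superuser.
SELECT session_user, current_user;

-- Superuser-only statements are refused while the lesser role is active,
-- so the next line raises a permission error and is left commented out.
-- CREATE ROLE another_role;

-- No password or other re-authentication is involved in undoing the change:
-- any statement executed in this session can issue it.
RESET ROLE;
SELECT session_user, current_user;

-- SET SESSION AUTHORIZATION changes session_user as well as current_user,
-- but the right to switch back is tied to the role the connection
-- originally authenticated as, so this is reversible too.
SET SESSION AUTHORIZATION app_limited;
SELECT session_user, current_user;
RESET SESSION AUTHORIZATION;
SELECT session_user, current_user;

-- Clean up the hypothetical role.
DROP ROLE app_limited;
```

Comparing `session_user` with `current_user` is a quick way to tell whether a session is running under a switched role that can still be reset.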

Re: privilege shedding

From
"Kevin Grittner"
Date:

>>> dkeeney <dvkeeney@gmail.com> wrote:

> Is there a way to non-reversibly shed privilege within a PostgreSQL
> session?

> I would like the role
> change to persist through the life of the session, without the
> option of restoring the superuser role.

We could use this in certain circumstances.  How about SET
AUTHORIZATION ROLE as syntax?  (I was trying to find a reserved word
to use where LOCAL and SESSION are now allowed which would have the
right connotations.  I'm entirely happy with this, but it doesn't seem
too bad....)

-Kevin